[TCP]: Compute in_sacked properly when we split up a TSO frame.
The problem is that the SACK fragmenting code may incorrectly call tcp_fragment() with a length larger than the skb->len. This happens when the skb on the transmit queue completely falls to the LHS of the SACK. And add a BUG() check to tcp_fragment() so we can spot this kind of error more quickly in the future. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Herbert Xu
committed by
David S. Miller
David S. Miller
parent
1619cca292
commit
3c05d92ed4
@ -435,6 +435,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
|
||||
int nsize, old_factor;
|
||||
u16 flags;
|
||||
|
||||
BUG_ON(len >= skb->len);
|
||||
|
||||
nsize = skb_headlen(skb) - len;
|
||||
if (nsize < 0)
|
||||
nsize = 0;
|
||||
|
||||
Reference in New Issue
Block a user